saltstack-formulas/bind-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/bind-formula.git synced 2025-04-15 17:20:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1 from saltstack-formulas/master

Browse source 
Updates
This commit is contained in:
Alex Eiswirth 2015-07-29 23:22:50 +02:00
commit d074c098e0
12 changed files with 217 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
LICENSE
View file

@ -1,4 +1,4 @@
Copyright (c) 2013 Salt Stack Formulas
Copyright (c) 2013-2015 Salt Stack Formulas
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -11,4 +11,3 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

26
README.rst
View file

@ -31,9 +31,23 @@ Example Pillar
.. code:: yaml
bind:
config:
name: /etc/named.conf
source: salt://bind/files/named.conf
user: root
group: named
mode: 640
configured_zones:
sub.domain.com:
type: master
notify: False
configured_views:
myview1:
match_clients:
- client1
- client2
configured_zones:
my.zone:
type: master
notify: False
See *bind/pillar.example*.
Notes
=====
* When using views all zones must be configured in views!

145
bind/config.sls
View file

@ -3,6 +3,29 @@
include:
- bind
{{ map.log_dir }}:
file.directory:
- user: root
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: 775
- require:
- pkg: bind
bind_restart:
service.running:
- name: {{ map.service }}
- reload: False
- watch:
- file: {{ map.log_dir }}/query.log
{{ map.log_dir }}/query.log:
file.managed:
- user: bind
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: 644
- require:
- file: {{ map.log_dir }}
named_directory:
file.directory:
- name: {{ map.named_directory }}
@ -13,70 +36,42 @@ named_directory:
- require:
- pkg: bind
{% if grains['os_family'] == 'RedHat' %}
bind_config:
file:
- managed
file.managed:
- name: {{ map.config }}
- source: 'salt://bind/files/redhat/named.conf'
- source: 'salt://{{ map.config_source_dir }}/named.conf'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '640') }}
- mode: {{ salt['pillar.get']('bind:config:mode', map.mode) }}
- context:
map: {{ map }}
- require:
- pkg: bind
- watch_in:
- service: bind
bind_local_config:
file:
- managed
file.managed:
- name: {{ map.local_config }}
- source: 'salt://bind/files/redhat/named.conf.local'
- source: 'salt://{{ map.config_source_dir }}/named.conf.local'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- context:
map: {{ map }}
- require:
- pkg: bind
- file: {{ map.log_dir }}/query.log
- watch_in:
- service: named
{% endif %}
- service: bind
{% if grains['os_family'] == 'Debian' %}
bind_config:
file:
- managed
- name: {{ map.config }}
- source: 'salt://bind/files/debian/named.conf'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- require:
- pkg: bind
- watch_in:
- service: bind
bind_key_config:
file:
- managed
file.managed:
- name: {{ map.key_config }}
- source: 'salt://bind/files/debian/named.conf.key'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- require:
- pkg: bind
- watch_in:
- service: bind
bind_local_config:
file:
- managed
- name: {{ map.local_config }}
- source: 'salt://bind/files/debian/named.conf.local'
- source: 'salt://{{ map.config_source_dir }}/named.conf.key'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@ -87,10 +82,9 @@ bind_local_config:
- service: bind
bind_options_config:
file:
- managed
file.managed:
- name: {{ map.options_config }}
- source: 'salt://bind/files/debian/named.conf.options'
- source: 'salt://{{ map.config_source_dir }}/named.conf.options'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@ -101,10 +95,9 @@ bind_options_config:
- service: bind
bind_default_zones:
file:
- managed
file.managed:
- name: {{ map.default_zones_config }}
- source: 'salt://bind/files/debian/named.conf.default-zones'
- source: 'salt://{{ map.config_source_dir }}/named.conf.default-zones'
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@ -114,30 +107,21 @@ bind_default_zones:
- watch_in:
- service: bind
/var/log/bind9:
file:
- directory
- user: root
- group: bind
- mode: 775
/etc/logrotate.d/{{ map.service }}:
file.managed:
- source: salt://{{ map.config_source_dir }}/logrotate_bind
- template: jinja
/etc/logrotate.d/bind9:
file:
- managed
- source: salt://bind/files/debian/logrotate_bind
- user: root
- group: root
- context:
map: {{ map }}
{% endif %}
{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
{% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{% if args['type'] == "master" -%}
zones-{{ file }}:
file:
- managed
file.managed:
- name: {{ map.named_directory }}/{{ file }}
- source: 'salt://bind/zones/{{ file }}'
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
@ -146,10 +130,10 @@ zones-{{ file }}:
- watch_in:
- service: bind
- require:
- file: {{ map.named_directory }}
- file: named_directory
{% if args['dnssec'] is defined and args['dnssec'] -%}
signed-{{file}}:
signed-{{ file }}:
cmd.run:
- cwd: {{ map.named_directory }}
- name: zonesigner -zone {{ key }} {{ file }}
@ -159,3 +143,32 @@ signed-{{file}}:
{% endif %}
{% endfor %}
{%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{% if args['type'] == "master" -%}
zones-{{ file }}:
file.managed:
- name: {{ map.named_directory }}/{{ file }}
- source: 'salt://bind/zones/{{ file }}'
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- watch_in:
- service: bind
- require:
- file: named_directory
{% if args['dnssec'] is defined and args['dnssec'] -%}
signed-{{ file }}:
cmd.run:
- cwd: {{ map.named_directory }}
- name: zonesigner -zone {{ key }} {{ file }}
- prereq:
- file: zones-{{ file }}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}

4
bind/files/debian/logrotate_bind
View file

@ -1,4 +1,4 @@
/var/log/bind9/query.log {
{{ map.log_dir }}/query.log {
rotate 7
daily
missingok
@ -7,5 +7,7 @@
copytruncate
compress
create 0664 bind root
{% if not salt['pkg.version']('logrotate').startswith('3.7')-%}
su
{% endif %}
}

9
bind/files/debian/named.conf
View file

@ -6,7 +6,8 @@
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.key";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "{{ map.options_config }}";
include "{{ map.local_config }}";
{%- if salt['pillar.get']('bind:keys', {}) is defined %}
include "{{ map.key_config }}";
{% endif %}

58
bind/files/debian/named.conf.local
View file

@ -7,15 +7,29 @@
// organization
//include "/etc/bind/zones.rfc1918";
{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
{%- macro zone(key, args, file, masters) %}
zone "{{ key }}" {
type {{ args['type'] }};
{% if args['dnssec'] is defined and args['dnssec'] -%}
file "zones/{{ file }}.signed";
{% else -%}
file "zones/{{ file }}";
{% if args['allow-update'] is defined -%}
{%- endif %}
{% if args['allow-update'] is defined -%}
allow-update { {{args['allow-update']}}; };
{%- endif %}
{%- if args.update_policy is defined %}
update-policy {
{%- for policy in args.update_policy %}
{{ policy }};
{%- endfor %}
};
{%- endif %}
allow-transfer {
{% for remote in args.get('allow-transfer', {}) %}
{{ remote }};
{% endfor %}
};
{% if args['type'] == "master" -%}
{% if args['notify'] -%}
notify yes;
@ -27,9 +41,43 @@ zone "{{ key }}" {
masters { {{ masters }} };
{%- endif %}
};
{%- endmacro %}
{%- if salt['pillar.get']('bind:configured_views', {}) is not defined %}
include "{{ map.default_zones_config }}";
{%- endif %}
{% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
{{ zone(key, args, file, masters) }}
{% endfor %}
{% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
view {{ view }} {
{%- if view == 'default' %}
include "{{ map.default_zones_config }}";
{%- endif %}
match-clients {
{%- for acl in view_data.get('match_clients', {}) %}
{{ acl }};
{%- endfor %}
};
{% for key, args in view_data.get('configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
{{ zone(key, args, file, masters) }}
{%- endfor %}
};
{%- endfor %}
logging {
channel "querylog" { file "/var/log/bind9/query.log"; print-time yes; };
channel "querylog" {
file "{{ map.log_dir }}/query.log";
print-time yes;
};
category queries { querylog; };
};

18
bind/files/debian/named.conf.options
View file

@ -15,7 +15,21 @@ options {
// };
auth-nxdomain no; # conform to RFC1035
{% if salt['pillar.get']('bind:config:ipv6', 'False') %}
{%- if salt['pillar.get']('bind:config:ipv6', False) %}
listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
{% endif %}
{%- endif -%}
{#- Allow inclusion of arbitrary statements #}
{%- for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
{%- if value is iterable and value is not string %}
{{ statement }} {
{%- for item in value %}
{{ item }};
{%- endfor %}
};
{%- else %}
{{ statement }} {{ value }};
{%- endif %}
{%- endfor %}
};

2
bind/files/redhat/named.conf
View file

@ -41,5 +41,5 @@ zone "." IN {
};
include "/etc/named.rfc1912.zones";
include "/etc/named.conf.local";
include "{{ map.local_config }}";
include "/etc/named.root.key";

4
bind/files/redhat/named.conf.local
View file

@ -7,8 +7,8 @@
//include "/etc/bind/zones.rfc1918";
{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
zone "{{ key }}" {
type {{ args['type'] }};
file "data/{{ file }}";

6
bind/init.sls
View file

@ -1,11 +1,9 @@
{% from "bind/map.jinja" import map with context %}
bind:
pkg:
- installed
pkg.installed:
- pkgs: {{ map.pkgs|json }}
service:
- running
service.running:
- name: {{ map.service }}
- enable: True
- reload: True

18
bind/map.jinja
View file

@ -1,23 +1,33 @@
{% set map = salt['grains.filter_by']({
'Debian': {
'pkgs': ['bind9', 'bind9utils'],
'pkgs': ['bind9', 'bind9utils', 'dnssec-tools'],
'service': 'bind9',
'config_source_dir': 'bind/files/debian',
'config': '/etc/bind/named.conf',
'local_config': '/etc/bind/named.conf.local',
'key_config': '/etc/bind/named.conf.key',
'options_config': '/etc/bind/named.conf.options',
'default_zones_config': '/etc/bind/named.conf.default-zones',
'named_directory': '/var/cache/bind/zones',
'log_dir': '/var/log/bind9',
'user': 'root',
'group': 'bind'
'group': 'bind',
'mode': '644'
},
'RedHat': {
'pkgs': ['bind'],
'service': 'named',
'config_source_dir': 'bind/files/redhat',
'config': '/etc/named.conf',
'local_config': '/etc/named.conf.local',
'named_directory': '/var/named/data',
'log_dir': '/var/log/named',
'user': 'root',
'group': 'named'
'group': 'named',
'mode': '640'
},
}, merge=salt['pillar.get']('bind:lookup')) %}
}, merge=salt['grains.filter_by']({
'Ubuntu': {
'log_dir': '/var/log/named'
},
}, grain='os', merge=salt['pillar.get']('bind:lookup'))) %}

25
pillar.example
View file

@ -11,6 +11,8 @@ bind:
user: root
group: named
mode: 640
options:
allow-recursion: '{ any; };' # Never include this on a public resolver
bind:
keys:
@ -23,12 +25,27 @@ bind:
1.168.192.in-addr.arpa:
type: master
notify: False
allow-transfer:
- 1.1.1.1
- 2.2.2.2
dynamic.domain.com:
type: master
allow-update: "key core_dhcp"
notify: True
configured_views:
myview1:
match_clients:
- client1
- client2
configured_zones:
my.zone:
type: master
notify: False
update_policy:
- "grant core_dhcp name dns_entry_allowed_to_update. ANY"
available_zones:
sub.domain.org:
file: db.sub.domain.org
masters: "192.168.0.1;"
bind:
available_zones:
sub.domain.org:
file: db.sub.domain.org
masters: "192.168.0.1;"